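}
// </editor-fold>

//
// It's time to process Rules !!!!
//

// <editor-fold desc="Rule Processing" defaultstate="collapsed" >
// Walks every record in $rulesToProcess (a rule store plus the rules taken from it),
// applies the optional filter query, and runs every requested action on each rule
// that passes the filter. Rules rejected by the filter are skipped without a message;
// the per-store summary line is the only place where the number of touched rules can
// be compared with the number available in the store.
$totalObjectsProcessed = 0;

foreach ($rulesToProcess as &$rulesRecord) {
    $store = $rulesRecord['store'];
    $rules =& $rulesRecord['rules'];

    $subObjectsProcessed = 0;

    print "\n* processing ruleset '" . $store->toString() . " that holds " . count($rules) . " rules\n";

    foreach ($rules as $rule) {
        // If a filter query was input and it doesn't match this object then we simply skip it
        if ($objectFilterRQuery !== null) {
            // $nestedQueries is handed over by reference so filter operators can look up named sub-queries
            $queryResult = $objectFilterRQuery->matchSingleObject(array('object' => $rule, 'nestedQueries' => &$nestedQueries));
            if (!$queryResult) {
                continue;
            }
        }

        $totalObjectsProcessed++;
        $subObjectsProcessed++;

        // object will pass through every action now
        foreach ($doActions as $doAction) {
            $doAction->padding = ' ';
            $doAction->executeAction($rule);
            print "\n";
        }
    }

    print "* objects processed in DG/Vsys '{$store->owner->name()}' : {$subObjectsProcessed} filtered over {$store->count()} available\n\n";
}

// Both variables are still bound by reference to the last record after the loop;
// release them so a later assignment to either name cannot overwrite that record.
unset($rules, $rulesRecord);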
return $denyRule; } else { unset($denyRules[$index]); } } return $foundRule; } foreach ($rulesToProcess as $index => $rule) { $loopCount++; if (isset($rule->alreadyMerged)) { continue; } if ($rule->actionIsNegative()) { continue; } if ($filterQuery !== null && !$filterQuery->matchSingleObject($rule)) { continue; } print "\n"; /** @var SecurityRule[] $matchingHashTable */ $matchingHashTable = $hashTable[$rule->mergeHash]; $rulePosition = $rulesArrayIndex[$rule->indexPosition]; // clean already merged rules foreach ($matchingHashTable as $ruleToCompare) { if (isset($ruleToCompare->alreadyMerged)) { unset($matchingHashTable[$ruleToCompare->serial]); } } if (count($matchingHashTable) == 1) { print "- no match for rule #{$loopCount} '{$rule->name()}''\n"; continue;
}, 'arg' => true);

// 'dst has.recursive.from.query': true when at least one member of the rule's
// destination container matches the nested address query registered under the
// name given in $argument.
// NOTE(review): a rule whose destination container is empty returns false here.
// If an empty container stands for "any" (not shown in this excerpt), such rules
// are never selected by this operator — confirm that is intended before relying
// on this filter to find every rule that reaches a set of addresses.
RQuery::$defaultFilters['rule']['dst']['operators']['has.recursive.from.query'] = array(
    'eval' => function ($object, &$nestedQueries, $argument) {
        /** @var $object Rule|SecurityRule */
        if ($object->destination->count() == 0) {
            return false;
        }

        // NOTE(review): presumably derr() aborts execution; if it can return, the
        // lookup of $nestedQueries[$argument] below hits a missing key — confirm.
        if ($argument === null || !isset($nestedQueries[$argument])) {
            derr("cannot find nested query called '{$argument}'");
        }

        // The nested query text is parsed as an 'address' query each time this operator is evaluated.
        $errorMessage = '';
        $rQuery = new RQuery('address');
        if ($rQuery->parseFromString($nestedQueries[$argument], $errorMessage) === false) {
            derr('nested query execution error : ' . $errorMessage);
        }

        // First matching destination member decides the result.
        foreach ($object->destination->all() as $member) {
            if ($rQuery->matchSingleObject(array('object' => $member, 'nestedQueries' => &$nestedQueries))) {
                return true;
            }
        }

        return false;
    },
    'arg' => true);

//
//
//          Tag Based filters
//
//

// 'tag has': true when the rule's tag container reports the given tag.
// NOTE(review): 'argObjectFinder' is PHP source kept in a string, with '!value!'
// sitting inside a single-quoted literal. It looks like a placeholder that is
// substituted before the snippet is evaluated — if so, confirm the substituted
// filter argument is escaped for a single-quoted PHP string (quotes and
// backslashes), because filter arguments come from whoever writes the query.
RQuery::$defaultFilters['rule']['tag']['operators']['has'] = array(
    'eval' => function ($object, &$nestedQueries, $value) {
        /** @var $object Rule|SecurityRule|NatRule|DecryptionRule */
        return $object->tags->hasTag($value) === true;
    },
    'arg' => true,
    'argObjectFinder' => "\$objectFind=null;\n\$objectFind=\$object->tags->parentCentralStore->find('!value!');");

// 'tag has.nocase': same lookup, with false passed as the second argument of hasTag().
RQuery::$defaultFilters['rule']['tag']['operators']['has.nocase'] = array(
    'eval' => function ($object, &$nestedQueries, $value) {
        /** @var $object Rule|SecurityRule|NatRule|DecryptionRule */
        return $object->tags->hasTag($value, false) === true;
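}
}
// </editor-fold>

//
// It's time to process Objects !!!!
//

// <editor-fold desc=" ***** Object Processing *****" defaultstate="collapsed" >
// Walks every record in $objectsToProcess (a store plus the objects taken from it),
// applies the optional filter query, and runs every requested action on each object
// that passes the filter. Objects rejected by the filter are skipped without a message.
$totalObjectsProcessed = 0;

foreach ($objectsToProcess as &$objectsRecord) {
    $subObjectsProcessed = 0;

    $store = $objectsRecord['store'];
    $objects =& $objectsRecord['objects'];

    print "\n* processing store '" . PH::boldText($store->toString()) . " that holds " . PH::boldText(count($objects)) . " objects\n";

    foreach ($objects as $object) {
        // Skip anything the filter query (when one was given) does not match
        if ($objectFilterRQuery !== null) {
            $queryResult = $objectFilterRQuery->matchSingleObject($object);
            if (!$queryResult) {
                continue;
            }
        }

        $totalObjectsProcessed++;
        $subObjectsProcessed++;

        //mwarning($object->name());

        // every requested action is applied to the object, in the order of $doActions
        foreach ($doActions as $doAction) {
            $doAction->executeAction($object);
            print "\n";
        }
    }

    print "* objects processed in DG/Vsys '{$store->owner->name()}' : {$subObjectsProcessed}\n\n";
}

// Both variables are still bound by reference to the last record after the loop;
// release them so a later assignment to either name cannot overwrite that record.
unset($objects, $objectsRecord);
// </editor-fold>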
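/**
 * Returns an array with the rules inside this store, optionally narrowed by a filter query.
 *
 * Without a filter (null or empty string) the result is the store's rules, followed by
 * the post-rules when the store is a pre/post store. With a filter, only rules matched
 * by the parsed 'rule' query are returned, in the same order.
 *
 * The method returns by reference, but every path returns a locally built array.
 *
 * A filter that cannot be parsed is reported through derr() together with the parser's
 * message, so an operator can see why the filter was rejected.
 *
 * @param null|string $withFilter filter query text, or null/'' for no filtering
 * @return SecurityRule[]|NatRule[]
 */
public function &rules($withFilter = null)
{
    if ($withFilter !== null && $withFilter != '') {
        // The variable given to parseFromString() has to be the one reported below.
        // The original passed an undefined $errMsg while printing $errMesg, so the
        // reported parse error was always empty.
        $errMesg = '';
        $query = new RQuery('rule');
        if ($query->parseFromString($withFilter, $errMesg) === false) {
            derr("error while parsing query: {$errMesg}");
        }

        $res = array();
        foreach ($this->rules as $rule) {
            if ($query->matchSingleObject($rule)) {
                $res[] = $rule;
            }
        }

        // post-rules are only considered for pre/post stores
        if ($this->isPreOrPost) {
            foreach ($this->postRules as $rule) {
                if ($query->matchSingleObject($rule)) {
                    $res[] = $rule;
                }
            }
        }

        return $res;
    }

    if (!$this->isPreOrPost) {
        $res = $this->rules;
        return $res;
    }

    $res = array_merge($this->rules, $this->postRules);
    return $res;
}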